[arm-allstar] Multiple nodes on network using OVPN

David McGough kb4fxc at inttek.net
Mon Aug 26 02:55:43 EDT 2019 

Hi Mike,

I think you're over-thinking the VPN strategy. You only need a single VPN
server (VPN hub).  A single server will easily accommodate dozens or
hundreds of tunnels to clients. You can run multiple OpenVPN instances on
a single server, if needed, to isolate or load-balance groups of clients.  
An RPi4B (since it has REAL GigE connectivity) would make an excellent
OpenVPN hub.

I've looked through the message thread and have some questions.

1) Will each node have a public AllStar node number, allowing connections 
from the Internet?

2) Will each node have echolink loaded (with different node numbers), 
allowing public connections?


BTW, I run openvpn everywhere; to every single node in my network of many
RPi3Bs (I think those things multiply if you get them too close
together!).  I also run local WiFi to EVERY single node attached to a
radio or repeater! For WiFi, I put a Nanostation Loco M2 in or near the
repeater cabinet, making CERTAIN the keep the Ethernet wiring physically
isolated from the radios. I typically set the local WiFi power levels to
0dBm on both the Loco and RPi3B. This strategy evolved over years of
effort to keep the networking running, while having lightning PLASMA
flowing literally a few feet from the cabinets, as high as 1700 ft. in
the air on towers.

Another argument for WiFi is RPi3B/B+ architecture specific.  WiFi hangs
off its own SoC serial interface, whereas wired Ethernet hangs off the USB
controller. SO, using WiFi reduces USB loading and latency, dedicating the
USB bus to the audio FOBs.

I'll try to help you get going with this. Lately, I've been crazy busy 
with very little hobby time.

73, David KB4FXC



On Mon, 26 Aug 2019, "Mike Sullivan via ARM-allstar" wrote:

> The main reason I am wanting to run through OVPN is because they will also
have Echolink on their node, so I will have to give it it's own outward IP
to prevent any issues with Echolink on our node. My plan was to put them in
ports 4569-4571 on their own VPN server, but since I use 4569 on my club's
node, I wanted to make sure it wouldn't cause a port conflict since it
would be routed through OVPN.  In the meantime, I've also found out that
OpenVPN only supports 2 connections at once, so I will have to set up a
separate server for the third node.

Mike

On Sat, Aug 24, 2019 at 12:33 AM "Doug Crompton via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> Unless you need security from them or them from you there is no reason to
> complicate it with openvpn. Every server should have its own unique iax
> port number within the same IP address space and unique node numbers.
>
> As far as linking is concerned it is just a matter of connecting them
> together like any other Allstar connection. How the actual hardware is
> connected at each site is another matter and highly dependent on what the
> repeaters are using - Allstar as a repeater controller, a commercial
> controller?
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>
> On Fri, Aug 23, 2019 at 9:29 PM "Mike Sullivan via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
> > I am building a Ubiquiti link to another club’s tower to set them up on
> > Allstar, they have two 2 meter sites that will eventually be linked
> locally
> > using Allstar, plus over the internet to a third site downtown. Since
> they
> > will be sharing an internet connection with our node which is using
> 4569, I
> > plan on running them through their own OpenVPN server. Since I’ll be
> > routing them to OVPN, will I need to change Iax ports or will I be okay
> to
> > leave as default?
> >
> > Also, any advice on linking two tower sites with Allstar over a local
> > network would be appreciated.
> >
> > Mike
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3 web page - http://hamvoip.org
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
_______________________________________________

ARM-allstar mailing list
ARM-allstar at hamvoip.org
http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar

Visit the BBB and RPi2/3 web page - http://hamvoip.org

More information about the ARM-allstar mailing list